|
E-mail is critical to the
success and operation of most organizations.
Without e-mail, organizations are less efficient
and can’t compete against larger, and more
established firms.
Computer users are critical to
the success of an organization’s security
platform. E-mail threats such as spam, viruses,
and phishing specifically target users and their
end point devices. Hand held devices put data
"on the move" and the same users that are
critical to the success of an organization’s
security framework now present security related
risks.
E-mail systems require on-going
IT management and monitoring. Not only must
e-mail hardware and software be periodically
upgraded, these same systems must be patched on
a regular basis.
IT departments are responding to
known security threats by implementing
traditional security measures:
- Employee awareness - security education and training
- Anti-malware - anti-virus, anti-spam, anti-spyware, and anti-pop up software
- Patch management – keeping software and firmware patched and up-to-date
However, organization management
must be aware of other types of risks including
risks related to transmitting information:
- Confidentiality - e-mail attachments can include confidential information such as customer lists and
pricing that should not be sent to recipients outside of the organization
- Clear text – sensitive information can inadvertently be sent in clear text
- Traffic – e-mailing large documents creates bottlenecks and uses up valuable network bandwidth
- Compliance – meeting regulatory requirements related to information as it is collected, stored,
archived, and secured
Risk
assessments and
network
security audits can help organizations
evaluate additional risks such as service level
performance, support (technical and user),
redundancy and availability, as well as fail
over and contingency plans. Formal and
documented
policies ensure a top down approach to
managing e-mail and network security risks.
Security Blog menu
Tags: risk assessment | email risks | email
risk management
|
